Learning PHP and MySQL

Example 14-4 Not initializing a variable was a hole in sample.php

<?php
// $access is never initialized before it is tested below, so with
// register_globals on a request variable named "access" supplies its value
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here…
}
else {
    echo "Access denied";
}
?>

When register_globals is on, a GET parameter that sets $access to TRUE is imported into the script before any of its code runs, so the access check passes without a successful login. Modifying the code to look like this:

<?php
// predefining the value is good coding practice anyway
$access = FALSE;
if (check_username_and_password()) {
    // they logged in successfully
    $access = TRUE;
}
if ($access) {
    echo "Welcome to the administrative control panel.";
    // more privileged code here…
}
else {
    echo "Access denied";
}
?>

Because $access is assigned FALSE after any request variables have been imported, only a successful login can set it to TRUE, and the correct message comes up whatever the request contains.
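The following script is an added example, not code from the book or its sample.php; it runs from the command line and simulates register_globals with extract() so that the unguarded check above and the initialized one can be compared side by side on the same requests. The users table, the check_username_and_password() implementation and the three sample requests are all constructed for this demo.

```php
<?php
// Added example (not from the book): contrast the uninitialized $access check
// with the initialized one under a simulated register_globals = On.
error_reporting(E_ALL);

// Constructed credential store: one account with a hash computed at startup.
$users = ['admin' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// Constructed stand-in for the book's check_username_and_password().
// Returns FALSE when either field is missing, so an unauthenticated request fails.
function check_username_and_password(array $request, array $users): bool
{
    if (!isset($request['username'], $request['password'])) {
        return false;
    }
    $name = $request['username'];
    return isset($users[$name]) && password_verify($request['password'], $users[$name]);
}

// Vulnerable form from Example 14-4: $access is never initialized.
// extract() plays the role of register_globals, which imports request
// variables into scope before the script's own code runs.
function vulnerable_check(array $request, array $users): string
{
    extract($request);                       // simulated register_globals
    if (check_username_and_password($request, $users)) {
        $access = true;
    }
    // With no "access" request variable PHP reports "Undefined variable $access"
    // here under E_ALL; that warning is the first visible sign of the bug.
    if ($access) {
        return 'Welcome to the administrative control panel.';
    }
    return 'Access denied';
}

// Hardened form: the same import happens first, then $access is reset to FALSE,
// so only check_username_and_password() can set it to TRUE.
function hardened_check(array $request, array $users): string
{
    extract($request);                       // simulated register_globals
    $access = false;                         // predefine after the import, as in the fix
    if (check_username_and_password($request, $users)) {
        $access = true;
    }
    if ($access) {
        return 'Welcome to the administrative control panel.';
    }
    return 'Access denied';
}

// Constructed requests: no credentials, a request that only carries an "access"
// variable, and a valid login.
$requests = [
    'no credentials'    => [],
    'access flag only'  => ['access' => '1'],
    'valid login'       => ['username' => 'admin', 'password' => 'correct horse battery staple'],
];

foreach ($requests as $label => $request) {
    printf("%-18s vulnerable: %-46s hardened: %s\n",
        $label,
        vulnerable_check($request, $users),
        hardened_check($request, $users));
}
?>
```

Running it shows the vulnerable function granting access for the "access flag only" request while the hardened function denies it, and both granting access only on the valid login. Note that in the hardened function the assignment `$access = false` must come after the simulated import, exactly as the book's fix places it after the point where register_globals would have acted; an initialization that ran before the import would be overwritten. register_globals was removed in PHP 5.4, so current PHP is not exposed to this import at all, but initializing every variable before use remains the defensive habit the example teaches, and enabling E_ALL makes the uninitialized read visible during development.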

Posted by on 09/25 at 02:39 PM
